VoIP Survey Results of NGOs, Human Rights Groups and Activists

In November 2011, 25 individuals were surveyed using an online form, representing typical end-users, global journalists, activist and human rights organization perspectives (Thank you to all the participants!). The goal of the survey was to establish a baseline understanding of the types of tools and expectations our target user community has around making “telephone calls” over the internet, otherwise known as Voice over Internet Protocol (VoIP).

This survey is part of our work on the Open Secure Telephony Net (OSTN). In summary, we believe there is too great a reliance upon closed systems, proprietary protocols, and expensive commercial solutions, among the very people and groups who need a verifiable secure system based on free software. While using GPG for email, or OTR-encryption for chat have become somewhat standards go-tos for these groups, there has not been the same progress made on the secure voice front. OSTN aims to change that, but before we can, we need to understand where our target user community stand today.

Below you will find the questions and results from our small survey. We don’t claim to be big data scientists, but this is our starting point.

As expected, it was Skype, Skype, Skype, with a little Google Talk and Cisco thrown in here and there. Everyone knows Skypes, it works very well, and is even quite good at getting around firewalls.

The other in this survey was “Cisco”, which could either be a corporate or small business product. In some cases, these products are actually more standards compliant than something like Skype. One aspect of our research is to audit the compliance of existing commercial products with security standards such as TLS, SSL, SRTP and ZRTP.

It was interesting to see that Google Talk was a strong second to Skype. Other services like Facebook video calling or Apple Facetime are newer, and may not have had time for full adoption. Others included ippi.fr, a “free” SIP service that works with mobile phones. Not included in this list are Google+ Hangouts, which seem like a growing tool for group communications.

We hoped to understand how personal communications behavior might affect their use of VoIP systems in more professional settings. It seems like Skype again rules here.

The most troubling issue is that most people likely utilize the same account for both personal and professional communication. Skype does not make it easy to switch accounts or have multiple accounts open at once, unlike email programs or instant messaging programs. You must have one identity. This creates a huge amount of opportunity for social engineering type attacks, though analysis of that was beyond the scope of this survey.

We were glad to see that the majority of people surveyed were concerned about the privacy of their conversations, but it was a slim majority.

The possibilities of the “no” group may be that they feel the solutions they are using (Skype) are secure enough, as they have been told that by the providers. In addition, many NGO groups who fear foreign or remote threats, often feel no sense of privacy risk when operating in their home country. They only consider security issues when they engage in field work, but have very lax practices on a day to day basis. That perception of threat is a outdated in the age of a fully connected global network, through which physical locations and borders matter little.

In the end, the challenge is, as most everyone knows, to build a system that is as easy to use as Skype, but more secure. We realize that we are just a small open-source effort, and that ultimately we can’t compete with the likes of a Microsoft or even Google for that matter. Our goal is to help people and organizations who need to communicate sensitive information securely and safely, to have better options than they do now for both hosting their own servers and using simple client applications. Keep your eyes on the OSTN Wiki and this blog, as we progress over the coming weeks and months.